From e007f6948df6da0ab231c6d750643062643adc8e Mon Sep 17 00:00:00 2001
From: Juan Ariza Toledano
Date: Thu, 5 Sep 2024 09:09:28 +0200
Subject: [PATCH] [bitnami/cilium] Add init-container on UI to wait for Hubble Relay (#29207)
---
 bitnami/cilium/CHANGELOG.md | 6 +-
 bitnami/cilium/Chart.yaml | 2 +-
 bitnami/cilium/README.md | 296 +++++++++---------
 .../templates/hubble-relay/deployment.yaml | 2 +-
 .../templates/hubble-ui/_init_containers.tpl | 98 ++++++
 .../templates/hubble-ui/deployment.yaml | 27 +-
 bitnami/cilium/values.yaml | 50 +++
 7 files changed, 311 insertions(+), 170 deletions(-)
 create mode 100644 bitnami/cilium/templates/hubble-ui/_init_containers.tpl
diff --git a/bitnami/cilium/CHANGELOG.md b/bitnami/cilium/CHANGELOG.md
index a1ec576d5f..5bf993da29 100644
--- a/bitnami/cilium/CHANGELOG.md
+++ b/bitnami/cilium/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changelog
 
+## 1.2.0 (2024-09-05)
+
+* [bitnami/cilium] Add init-container on UI to wait for Hubble Relay ([#29207](https://github.com/bitnami/charts/pull/29207))
+
 ## 1.1.0 (2024-09-04)
 
-* [bitnami/cilium] Add init-container on Relay to wait for Hubble Peers ([#29191](https://github.com/bitnami/charts/pull/29191))
+* [bitnami/cilium] Add init-container on Relay to wait for Hubble Peers (#29191) ([02cdc02](https://github.com/bitnami/charts/commit/02cdc02d2b6e121ecd4caf558aa1bb17791cd90e)), closes [#29191](https://github.com/bitnami/charts/issues/29191)
 
 ## 1.0.20 (2024-08-29)
 
diff --git a/bitnami/cilium/Chart.yaml b/bitnami/cilium/Chart.yaml
index 299145e59b..74b4117b67 100644
--- a/bitnami/cilium/Chart.yaml
+++ b/bitnami/cilium/Chart.yaml
@@ -52,4 +52,4 @@ sources:
 - https://github.com/bitnami/containers/tree/main/bitnami/hubble-relay
 - https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui
 - https://github.com/bitnami/containers/tree/main/bitnami/hubble-ui-backend
-version: 1.1.0
+version: 1.2.0
diff --git a/bitnami/cilium/README.md b/bitnami/cilium/README.md
index ef2f584e84..cea4f986cf 100644
--- a/bitnami/cilium/README.md
+++ b/bitnami/cilium/README.md
@@ -928,148 +928,160 @@ As an alternative, use one of the preset configurations for pod affinity, pod an ### Hubble UI Parameters -| Name | Description | Value | -| ---------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `hubble.ui.enabled` | Enable Hubble UI | `false` | -| `hubble.ui.frontend.image.registry` | Hubble UI image registry | `REGISTRY_NAME` | -| `hubble.ui.frontend.image.repository` | Hubble UI image repository | `REPOSITORY_NAME/hubble-ui` | -| `hubble.ui.frontend.image.digest` | Hubble UI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | -| `hubble.ui.frontend.image.pullPolicy` | Hubble UI image pull policy | `IfNotPresent` | -| `hubble.ui.frontend.image.pullSecrets` | Hubble UI image pull secrets | `[]` | -| `hubble.ui.frontend.image.debug` | Enable Hubble UI image debug mode | `false` | -| `hubble.ui.frontend.containerPorts.http` | Hubble UI frontend HTTP container port | `8081` | -| `hubble.ui.frontend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI frontend containers | `[]` | -| `hubble.ui.frontend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI frontend containers | `true` | -| `hubble.ui.frontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `hubble.ui.frontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `hubble.ui.frontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | -| `hubble.ui.frontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| 
`hubble.ui.frontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `hubble.ui.frontend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI frontend containers | `true` | -| `hubble.ui.frontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `hubble.ui.frontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `hubble.ui.frontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `hubble.ui.frontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `hubble.ui.frontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `hubble.ui.frontend.startupProbe.enabled` | Enable startupProbe on Hubble UI frontend containers | `false` | -| `hubble.ui.frontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| `hubble.ui.frontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` | -| `hubble.ui.frontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `hubble.ui.frontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` | -| `hubble.ui.frontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `hubble.ui.frontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `hubble.ui.frontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `hubble.ui.frontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `hubble.ui.frontend.resourcesPreset` | Set Hubble UI frontend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.frontend.resources is set (hubble.ui.frontend.resources is recommended for production). 
| `nano` | -| `hubble.ui.frontend.resources` | Set Hubble UI frontend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `hubble.ui.frontend.containerSecurityContext.enabled` | Enabled Hubble UI frontend container' Security Context | `true` | -| `hubble.ui.frontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI frontend container | `{}` | -| `hubble.ui.frontend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI frontend container' Security Context | `1001` | -| `hubble.ui.frontend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI frontend container' Security Context | `1001` | -| `hubble.ui.frontend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI frontend container' Security Context | `true` | -| `hubble.ui.frontend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI frontend container' Security Context | `true` | -| `hubble.ui.frontend.containerSecurityContext.privileged` | Set privileged in Hubble UI frontend container' Security Context | `false` | -| `hubble.ui.frontend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI frontend container' Security Context | `false` | -| `hubble.ui.frontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI frontend container | `["ALL"]` | -| `hubble.ui.frontend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI frontend container | `RuntimeDefault` | -| `hubble.ui.frontend.enableIPv6` | Enable IPv6 for Hubble UI frontend | `false` | -| `hubble.ui.frontend.serverBlock` | Custom server block to be used to configure NGINX (ignored if existingServerBlockConfigmap is set) | `""` | -| `hubble.ui.frontend.existingServerBlockConfigmap` | ConfigMap with custom server block to be used to configure NGINX | `""` | -| 
`hubble.ui.frontend.command` | Override default Hubble UI frontend container command (useful when using custom images) | `[]` | -| `hubble.ui.frontend.args` | Override default Hubble UI frontend container args (useful when using custom images) | `[]` | -| `hubble.ui.frontend.lifecycleHooks` | for Hubble UI frontend containers to automate configuration before or after startup | `{}` | -| `hubble.ui.frontend.extraEnvVars` | Array with extra environment variables to add to Hubble UI frontend containers | `[]` | -| `hubble.ui.frontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI frontend containers | `""` | -| `hubble.ui.frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI frontend containers | `""` | -| `hubble.ui.frontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI frontend containers | `[]` | -| `hubble.ui.backend.image.registry` | Hubble UI Backend image registry | `REGISTRY_NAME` | -| `hubble.ui.backend.image.repository` | Hubble UI Backend image repository | `REPOSITORY_NAME/hubble-ui-backend` | -| `hubble.ui.backend.image.digest` | Hubble UI Backend image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | -| `hubble.ui.backend.image.pullPolicy` | Hubble UI Backend image pull policy | `IfNotPresent` | -| `hubble.ui.backend.image.pullSecrets` | Hubble UI Backend image pull secrets | `[]` | -| `hubble.ui.backend.containerPorts.http` | Hubble UI backend HTTP container port | `8090` | -| `hubble.ui.backend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI backend containers | `[]` | -| `hubble.ui.backend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI backend containers | `true` | -| `hubble.ui.backend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `hubble.ui.backend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `hubble.ui.backend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | -| `hubble.ui.backend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `hubble.ui.backend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `hubble.ui.backend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI backend containers | `true` | -| `hubble.ui.backend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `hubble.ui.backend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `hubble.ui.backend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `hubble.ui.backend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `hubble.ui.backend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `hubble.ui.backend.startupProbe.enabled` | Enable startupProbe on Hubble UI backend containers | `false` | -| `hubble.ui.backend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | -| 
`hubble.ui.backend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` | -| `hubble.ui.backend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `hubble.ui.backend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` | -| `hubble.ui.backend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `hubble.ui.backend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `hubble.ui.backend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `hubble.ui.backend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `hubble.ui.backend.resourcesPreset` | Set Hubble UI backend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.backend.resources is set (hubble.ui.backend.resources is recommended for production). | `nano` | -| `hubble.ui.backend.resources` | Set Hubble UI backend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | -| `hubble.ui.backend.containerSecurityContext.enabled` | Enabled Hubble UI backend container' Security Context | `true` | -| `hubble.ui.backend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI backend container | `{}` | -| `hubble.ui.backend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI backend container' Security Context | `1001` | -| `hubble.ui.backend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI backend container' Security Context | `1001` | -| `hubble.ui.backend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI backend container' Security Context | `true` | -| `hubble.ui.backend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI backend container' Security Context | `true` 
| -| `hubble.ui.backend.containerSecurityContext.privileged` | Set privileged in Hubble UI backend container' Security Context | `false` | -| `hubble.ui.backend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI backend container' Security Context | `false` | -| `hubble.ui.backend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI backend container | `["ALL"]` | -| `hubble.ui.backend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI backend container | `RuntimeDefault` | -| `hubble.ui.backend.command` | Override default Hubble UI backend container command (useful when using custom images) | `[]` | -| `hubble.ui.backend.args` | Override default Hubble UI backend container args (useful when using custom images) | `[]` | -| `hubble.ui.backend.lifecycleHooks` | for Hubble UI backend containers to automate configuration before or after startup | `{}` | -| `hubble.ui.backend.extraEnvVars` | Array with extra environment variables to add to Hubble UI backend containers | `[]` | -| `hubble.ui.backend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI backend containers | `""` | -| `hubble.ui.backend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI backend containers | `""` | -| `hubble.ui.backend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI backend containers | `[]` | -| `hubble.ui.replicaCount` | Number of Hubble UI replicas to deploy | `1` | -| `hubble.ui.podSecurityContext.enabled` | Enable Hubble UI pods' Security Context | `true` | -| `hubble.ui.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy for Hubble UI pods | `Always` | -| `hubble.ui.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface for Hubble UI pods | `[]` | -| `hubble.ui.podSecurityContext.supplementalGroups` | Set 
filesystem extra groups for Hubble UI pods | `[]` | -| `hubble.ui.podSecurityContext.fsGroup` | Set fsGroup in Hubble UI pods' Security Context | `1001` | -| `hubble.ui.automountServiceAccountToken` | Mount Service Account token in Hubble UI pods | `true` | -| `hubble.ui.hostAliases` | Hubble UI pods host aliases | `[]` | -| `hubble.ui.deploymentAnnotations` | Annotations for Hubble UI deployment | `{}` | -| `hubble.ui.podLabels` | Extra labels for Hubble UI pods | `{}` | -| `hubble.ui.podAnnotations` | Annotations for Hubble UI pods | `{}` | -| `hubble.ui.podAffinityPreset` | Pod affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `hubble.ui.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `hubble.ui.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `hubble.ui.nodeAffinityPreset.key` | Node label key to match. Ignored if `hubble.ui.affinity` is set | `""` | -| `hubble.ui.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `hubble.ui.affinity` is set | `[]` | -| `hubble.ui.affinity` | Affinity for Hubble UI pods assignment | `{}` | -| `hubble.ui.nodeSelector` | Node labels for Hubble UI pods assignment | `{}` | -| `hubble.ui.tolerations` | Tolerations for Hubble UI pods assignment | `[]` | -| `hubble.ui.updateStrategy.type` | Hubble UI deployment strategy type | `RollingUpdate` | -| `hubble.ui.priorityClassName` | Hubble UI pods' priorityClassName | `""` | -| `hubble.ui.topologySpreadConstraints` | Topology Spread Constraints for Hubble UI pod assignment spread across your cluster among failure-domains | `[]` | -| `hubble.ui.schedulerName` | Name of the k8s scheduler (other than default) for Hubble UI pods | `""` | -| `hubble.ui.terminationGracePeriodSeconds` | Seconds Hubble UI pods need to terminate gracefully | `""` | -| `hubble.ui.extraVolumes` | Optionally specify extra list of additional volumes for the Hubble UI pods | `[]` | -| `hubble.ui.sidecars` | Add additional sidecar containers to the Hubble UI pods | `[]` | -| `hubble.ui.initContainers` | Add additional init containers to the Hubble UI pods | `[]` | -| `hubble.ui.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | -| `hubble.ui.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | -| `hubble.ui.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `hubble.ui.pdb.minAvailable` and `hubble.ui.pdb.maxUnavailable` are empty. | `""` | -| `hubble.ui.autoscaling.vpa.enabled` | Enable VPA for Hubble UI pods | `false` | -| `hubble.ui.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | -| `hubble.ui.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. 
Defaults to cpu and memory | `[]` | -| `hubble.ui.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | -| `hubble.ui.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | -| `hubble.ui.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` | -| `hubble.ui.autoscaling.hpa.enabled` | Enable HPA for Hubble UI pods | `false` | -| `hubble.ui.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | -| `hubble.ui.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | -| `hubble.ui.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | -| `hubble.ui.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| Name | Description | Value | +| ------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `hubble.ui.enabled` | Enable Hubble UI | `false` | +| `hubble.ui.frontend.image.registry` | Hubble UI image registry | `REGISTRY_NAME` | +| `hubble.ui.frontend.image.repository` | Hubble UI image repository | `REPOSITORY_NAME/hubble-ui` | +| `hubble.ui.frontend.image.digest` | Hubble UI image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `hubble.ui.frontend.image.pullPolicy` | Hubble UI image pull policy | `IfNotPresent` | +| `hubble.ui.frontend.image.pullSecrets` | Hubble UI image pull secrets | `[]` | +| `hubble.ui.frontend.image.debug` | Enable Hubble UI image debug mode | `false` | +| `hubble.ui.frontend.containerPorts.http` | Hubble UI frontend HTTP container port | `8081` | +| `hubble.ui.frontend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI frontend containers | `[]` | +| `hubble.ui.frontend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI frontend containers | `true` | +| `hubble.ui.frontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `hubble.ui.frontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `hubble.ui.frontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | +| `hubble.ui.frontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `hubble.ui.frontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `hubble.ui.frontend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI frontend containers | `true` | +| `hubble.ui.frontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `hubble.ui.frontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `hubble.ui.frontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `hubble.ui.frontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `hubble.ui.frontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `hubble.ui.frontend.startupProbe.enabled` | Enable startupProbe on Hubble UI frontend containers | `false` | +| 
`hubble.ui.frontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| `hubble.ui.frontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` | +| `hubble.ui.frontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `hubble.ui.frontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` | +| `hubble.ui.frontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `hubble.ui.frontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `hubble.ui.frontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `hubble.ui.frontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `hubble.ui.frontend.resourcesPreset` | Set Hubble UI frontend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.frontend.resources is set (hubble.ui.frontend.resources is recommended for production). 
| `nano` | +| `hubble.ui.frontend.resources` | Set Hubble UI frontend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `hubble.ui.frontend.containerSecurityContext.enabled` | Enabled Hubble UI frontend container' Security Context | `true` | +| `hubble.ui.frontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI frontend container | `{}` | +| `hubble.ui.frontend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI frontend container' Security Context | `1001` | +| `hubble.ui.frontend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI frontend container' Security Context | `1001` | +| `hubble.ui.frontend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI frontend container' Security Context | `true` | +| `hubble.ui.frontend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI frontend container' Security Context | `true` | +| `hubble.ui.frontend.containerSecurityContext.privileged` | Set privileged in Hubble UI frontend container' Security Context | `false` | +| `hubble.ui.frontend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI frontend container' Security Context | `false` | +| `hubble.ui.frontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI frontend container | `["ALL"]` | +| `hubble.ui.frontend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI frontend container | `RuntimeDefault` | +| `hubble.ui.frontend.enableIPv6` | Enable IPv6 for Hubble UI frontend | `false` | +| `hubble.ui.frontend.serverBlock` | Custom server block to be used to configure NGINX (ignored if existingServerBlockConfigmap is set) | `""` | +| `hubble.ui.frontend.existingServerBlockConfigmap` | ConfigMap with custom server block to be used to configure NGINX | `""` | +| 
`hubble.ui.frontend.command` | Override default Hubble UI frontend container command (useful when using custom images) | `[]` | +| `hubble.ui.frontend.args` | Override default Hubble UI frontend container args (useful when using custom images) | `[]` | +| `hubble.ui.frontend.lifecycleHooks` | for Hubble UI frontend containers to automate configuration before or after startup | `{}` | +| `hubble.ui.frontend.extraEnvVars` | Array with extra environment variables to add to Hubble UI frontend containers | `[]` | +| `hubble.ui.frontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI frontend containers | `""` | +| `hubble.ui.frontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI frontend containers | `""` | +| `hubble.ui.frontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI frontend containers | `[]` | +| `hubble.ui.backend.image.registry` | Hubble UI Backend image registry | `REGISTRY_NAME` | +| `hubble.ui.backend.image.repository` | Hubble UI Backend image repository | `REPOSITORY_NAME/hubble-ui-backend` | +| `hubble.ui.backend.image.digest` | Hubble UI Backend image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `hubble.ui.backend.image.pullPolicy` | Hubble UI Backend image pull policy | `IfNotPresent` | +| `hubble.ui.backend.image.pullSecrets` | Hubble UI Backend image pull secrets | `[]` | +| `hubble.ui.backend.containerPorts.http` | Hubble UI backend HTTP container port | `8090` | +| `hubble.ui.backend.extraContainerPorts` | Optionally specify extra list of additional ports for Hubble UI backend containers | `[]` | +| `hubble.ui.backend.livenessProbe.enabled` | Enable livenessProbe on Hubble UI backend containers | `true` | +| `hubble.ui.backend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `hubble.ui.backend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `hubble.ui.backend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | +| `hubble.ui.backend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `hubble.ui.backend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `hubble.ui.backend.readinessProbe.enabled` | Enable readinessProbe on Hubble UI backend containers | `true` | +| `hubble.ui.backend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `hubble.ui.backend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `hubble.ui.backend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `hubble.ui.backend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `hubble.ui.backend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `hubble.ui.backend.startupProbe.enabled` | Enable startupProbe on Hubble UI backend containers | `false` | +| `hubble.ui.backend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `0` | +| 
`hubble.ui.backend.startupProbe.periodSeconds` | Period seconds for startupProbe | `3` | +| `hubble.ui.backend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `hubble.ui.backend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `20` | +| `hubble.ui.backend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `hubble.ui.backend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `hubble.ui.backend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `hubble.ui.backend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `hubble.ui.backend.resourcesPreset` | Set Hubble UI backend container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.backend.resources is set (hubble.ui.backend.resources is recommended for production). | `nano` | +| `hubble.ui.backend.resources` | Set Hubble UI backend container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `hubble.ui.backend.containerSecurityContext.enabled` | Enabled Hubble UI backend container' Security Context | `true` | +| `hubble.ui.backend.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI backend container | `{}` | +| `hubble.ui.backend.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI backend container' Security Context | `1001` | +| `hubble.ui.backend.containerSecurityContext.runAsGroup` | Set runAsGroup in Hubble UI backend container' Security Context | `1001` | +| `hubble.ui.backend.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI backend container' Security Context | `true` | +| `hubble.ui.backend.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI backend container' Security Context | `true` 
| +| `hubble.ui.backend.containerSecurityContext.privileged` | Set privileged in Hubble UI backend container' Security Context | `false` | +| `hubble.ui.backend.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI backend container' Security Context | `false` | +| `hubble.ui.backend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI backend container | `["ALL"]` | +| `hubble.ui.backend.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI backend container | `RuntimeDefault` | +| `hubble.ui.backend.command` | Override default Hubble UI backend container command (useful when using custom images) | `[]` | +| `hubble.ui.backend.args` | Override default Hubble UI backend container args (useful when using custom images) | `[]` | +| `hubble.ui.backend.lifecycleHooks` | for Hubble UI backend containers to automate configuration before or after startup | `{}` | +| `hubble.ui.backend.extraEnvVars` | Array with extra environment variables to add to Hubble UI backend containers | `[]` | +| `hubble.ui.backend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Hubble UI backend containers | `""` | +| `hubble.ui.backend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Hubble UI backend containers | `""` | +| `hubble.ui.backend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Hubble UI backend containers | `[]` | +| `hubble.ui.replicaCount` | Number of Hubble UI replicas to deploy | `1` | +| `hubble.ui.podSecurityContext.enabled` | Enable Hubble UI pods' Security Context | `true` | +| `hubble.ui.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy for Hubble UI pods | `Always` | +| `hubble.ui.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface for Hubble UI pods | `[]` | +| `hubble.ui.podSecurityContext.supplementalGroups` | Set 
filesystem extra groups for Hubble UI pods | `[]` | +| `hubble.ui.podSecurityContext.fsGroup` | Set fsGroup in Hubble UI pods' Security Context | `1001` | +| `hubble.ui.automountServiceAccountToken` | Mount Service Account token in Hubble UI pods | `true` | +| `hubble.ui.hostAliases` | Hubble UI pods host aliases | `[]` | +| `hubble.ui.deploymentAnnotations` | Annotations for Hubble UI deployment | `{}` | +| `hubble.ui.podLabels` | Extra labels for Hubble UI pods | `{}` | +| `hubble.ui.podAnnotations` | Annotations for Hubble UI pods | `{}` | +| `hubble.ui.podAffinityPreset` | Pod affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `hubble.ui.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `hubble.ui.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `hubble.ui.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `hubble.ui.nodeAffinityPreset.key` | Node label key to match. Ignored if `hubble.ui.affinity` is set | `""` | +| `hubble.ui.nodeAffinityPreset.values` | Node label values to match. 
Ignored if `hubble.ui.affinity` is set | `[]` | +| `hubble.ui.affinity` | Affinity for Hubble UI pods assignment | `{}` | +| `hubble.ui.nodeSelector` | Node labels for Hubble UI pods assignment | `{}` | +| `hubble.ui.tolerations` | Tolerations for Hubble UI pods assignment | `[]` | +| `hubble.ui.updateStrategy.type` | Hubble UI deployment strategy type | `RollingUpdate` | +| `hubble.ui.priorityClassName` | Hubble UI pods' priorityClassName | `""` | +| `hubble.ui.topologySpreadConstraints` | Topology Spread Constraints for Hubble UI pod assignment spread across your cluster among failure-domains | `[]` | +| `hubble.ui.schedulerName` | Name of the k8s scheduler (other than default) for Hubble UI pods | `""` | +| `hubble.ui.terminationGracePeriodSeconds` | Seconds Hubble UI pods need to terminate gracefully | `""` | +| `hubble.ui.extraVolumes` | Optionally specify extra list of additional volumes for the Hubble UI pods | `[]` | +| `hubble.ui.sidecars` | Add additional sidecar containers to the Hubble UI pods | `[]` | +| `hubble.ui.initContainers` | Add additional init containers to the Hubble UI pods | `[]` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.enabled` | Enabled Hubble UI init-containers' Security Context | `true` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seLinuxOptions` | Set SELinux options in Hubble UI init-containers | `{}` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsUser` | Set runAsUser in Hubble UI init-containers' Security Context | `1001` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsGroup` | Set runAsUser in Hubble UI init-containers' Security Context | `1001` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsNonRoot` | Set runAsNonRoot in Hubble UI init-containers' Security Context | `true` | +| 
`hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.readOnlyRootFilesystem` | Set readOnlyRootFilesystem in Hubble UI init-containers' Security Context | `true` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.privileged` | Set privileged in Hubble UI init-containers' Security Context | `false` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Hubble UI init-containers' Security Context | `false` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped in Hubble UI init-containers | `["ALL"]` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seccompProfile.type` | Set seccomp profile in Hubble UI init-containers | `RuntimeDefault` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset` | Set Hubble UI "wait-for-hubble-relay" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.resources is set (hubble.ui.defaultInitContainers.waitForHubbleRelay.resources is recommended for production). | `nano` | +| `hubble.ui.defaultInitContainers.waitForHubbleRelay.resources` | Set Hubble UI "wait-for-hubble-relay" init container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `hubble.ui.pdb.create` | Enable/disable a Pod Disruption Budget creation | `true` | +| `hubble.ui.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` | +| `hubble.ui.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `hubble.ui.pdb.minAvailable` and `hubble.ui.pdb.maxUnavailable` are empty. 
| `""` | +| `hubble.ui.autoscaling.vpa.enabled` | Enable VPA for Hubble UI pods | `false` | +| `hubble.ui.autoscaling.vpa.annotations` | Annotations for VPA resource | `{}` | +| `hubble.ui.autoscaling.vpa.controlledResources` | VPA List of resources that the vertical pod autoscaler can control. Defaults to cpu and memory | `[]` | +| `hubble.ui.autoscaling.vpa.maxAllowed` | VPA Max allowed resources for the pod | `{}` | +| `hubble.ui.autoscaling.vpa.minAllowed` | VPA Min allowed resources for the pod | `{}` | +| `hubble.ui.autoscaling.vpa.updatePolicy.updateMode` | Autoscaling update policy | `Auto` | +| `hubble.ui.autoscaling.hpa.enabled` | Enable HPA for Hubble UI pods | `false` | +| `hubble.ui.autoscaling.hpa.minReplicas` | Minimum number of replicas | `""` | +| `hubble.ui.autoscaling.hpa.maxReplicas` | Maximum number of replicas | `""` | +| `hubble.ui.autoscaling.hpa.targetCPU` | Target CPU utilization percentage | `""` | +| `hubble.ui.autoscaling.hpa.targetMemory` | Target Memory utilization percentage | `""` | ### Hubble UI Traffic Exposure Parameters diff --git a/bitnami/cilium/templates/hubble-relay/deployment.yaml b/bitnami/cilium/templates/hubble-relay/deployment.yaml index 3089567228..bcc01e623e 100644 --- a/bitnami/cilium/templates/hubble-relay/deployment.yaml +++ b/bitnami/cilium/templates/hubble-relay/deployment.yaml @@ -83,7 +83,7 @@ spec: terminationGracePeriodSeconds: {{ .Values.hubble.relay.terminationGracePeriodSeconds }} {{- end }} initContainers: - {{- include "cilium.hubble.relay.waitForHubble" . | nindent 8}} + {{- include "cilium.hubble.relay.waitForHubble" . | nindent 8 }} {{- if .Values.hubble.relay.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.hubble.relay.initContainers "context" $) | nindent 8 }} {{- end }} diff --git a/bitnami/cilium/templates/hubble-ui/_init_containers.tpl b/bitnami/cilium/templates/hubble-ui/_init_containers.tpl new file mode 100644 index 0000000000..7c6209d4c8 --- /dev/null 
+++ b/bitnami/cilium/templates/hubble-ui/_init_containers.tpl 
@@ -0,0 +1,98 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/*
+Returns an init-container that waits for Hubble Relay to be ready
+*/}}
+{{- define "cilium.hubble.ui.waitForHubbleRelay" -}}
+- name: wait-for-hubble-relay
+ image: {{ include "cilium.hubble.relay.image" . }}
+ imagePullPolicy: {{ .Values.hubble.relay.image.pullPolicy }}
+ {{- if .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resources }}
+ resources: {{- toYaml .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resources | nindent 4 }}
+ {{- else if ne .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset) | nindent 4 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ set -o errexit
+ set -o nounset
+ set -o pipefail
+
+ retry_while() {
+ local cmd="${1:?cmd is missing}"
+ local retries="${2:-12}"
+ local sleep_time="${3:-5}"
+ local return_value=1
+
+ read -r -a command <<<"$cmd"
+ for ((i = 1; i <= retries; i += 1)); do
+ "${command[@]}" && return_value=0 && break
+ sleep "$sleep_time"
+ done
+ return $return_value
+ }
+
+ exit_code=0
+ if ! retry_while "grpc-health-probe -addr=${HUBBLE_RELAY_ENDPOINT} ${GRPC_FLAGS}"; then
+ echo "hubble is not ready"
+ exit_code=1
+ else
+ echo "hubble ready"
+ fi
+
+ exit "$exit_code"
+ env:
+ - name: HUBBLE_RELAY_ENDPOINT
+ value: {{ printf "%s.%s.svc.%s:%d" (include "cilium.hubble.relay.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain (int .Values.hubble.relay.service.ports.grpc) | quote }}
+ {{- if not .Values.hubble.tls.enabled }}
+ - name: GRPC_FLAGS
+ value: "-rpc-timeout=2s"
+ {{- else }}
+ - name: GRPC_FLAGS
+ value: "-rpc-timeout=2s -tls -tls-ca-cert=/certs/client/ca.crt -tls-client-cert=/certs/client/tls.crt -tls-client-key=/certs/client/tls.key"
+ volumeMounts:
+ - name: client-cert
+ readOnly: true
+ mountPath: /certs/client
+ {{- end }}
+{{- end -}}
+
+{{/*
+Returns an init-container that preserves the NGINX logs symlinks
+*/}}
+{{- define "cilium.hubble.ui.preserveLogLinks" -}}
+- name: preserve-logs-symlinks
+ image: {{ template "cilium.hubble.ui.frontend.image" . }}
+ imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }}
+ {{- if .Values.hubble.ui.frontend.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hubble.ui.frontend.containerSecurityContext "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.hubble.ui.frontend.resources }}
+ resources: {{- toYaml .Values.hubble.ui.frontend.resources | nindent 4 }}
+ {{- else if ne .Values.hubble.ui.frontend.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.hubble.ui.frontend.resourcesPreset) | nindent 4 }}
+ {{- end }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ . /opt/bitnami/scripts/libfs.sh
+
+ # We copy the logs folder because it has symlinks to stdout and stderr
+ if ! is_dir_empty /opt/bitnami/nginx/logs; then
+ cp -r /opt/bitnami/nginx/logs /emptydir/nginx-logs-dir
+ fi
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /emptydir
+{{- end -}}
diff --git a/bitnami/cilium/templates/hubble-ui/deployment.yaml b/bitnami/cilium/templates/hubble-ui/deployment.yaml
index a5744bcf8a..b39d50f158 100644
--- a/bitnami/cilium/templates/hubble-ui/deployment.yaml
+++ b/bitnami/cilium/templates/hubble-ui/deployment.yaml
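Review bot: The TLS branch of `GRPC_FLAGS` passes `-tls` and `-tls-ca-cert` but no `-tls-server-name`, so the probe checks the relay certificate against the host part of `HUBBLE_RELAY_ENDPOINT`, which is the `<fullname>.<namespace>.svc.<clusterDomain>` service name built a few lines above. Whether the chart-generated or user-supplied relay certificate carries that name is not visible in this hunk; if it does not, every retry fails and the UI pod never leaves Init. I would state the requirement above the `{{- else }}` branch, for example `{{- /* TLS probe: the relay certificate must carry the service FQDN as a SAN */}}`. Where the names can legitimately differ, passing the expected name with `-tls-server-name` keeps verification on, which is preferable to relaxing it.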
@@ -83,31 +83,8 @@ spec:
 terminationGracePeriodSeconds: {{ .Values.hubble.ui.terminationGracePeriodSeconds }}
 {{- end }}
 initContainers:
- - name: preserve-logs-symlinks
- image: {{ template "cilium.hubble.ui.frontend.image" . }}
- imagePullPolicy: {{ .Values.hubble.ui.frontend.image.pullPolicy }}
- {{- if .Values.hubble.ui.frontend.containerSecurityContext.enabled }}
- securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.hubble.ui.frontend.containerSecurityContext "context" $) | nindent 12 }}
- {{- end }}
- {{- if .Values.hubble.ui.frontend.resources }}
- resources: {{- toYaml .Values.hubble.ui.frontend.resources | nindent 12 }}
- {{- else if ne .Values.hubble.ui.frontend.resourcesPreset "none" }}
- resources: {{- include "common.resources.preset" (dict "type" .Values.hubble.ui.frontend.resourcesPreset) | nindent 12 }}
- {{- end }}
- command:
- - /bin/bash
- args:
- - -ec
- - |
- . /opt/bitnami/scripts/libfs.sh
-
- # We copy the logs folder because it has symlinks to stdout and stderr
- if ! is_dir_empty /opt/bitnami/nginx/logs; then
- cp -r /opt/bitnami/nginx/logs /emptydir/nginx-logs-dir
- fi
- volumeMounts:
- - name: empty-dir
- mountPath: /emptydir
+ {{- include "cilium.hubble.ui.waitForHubbleRelay" . | nindent 8 }}
+ {{- include "cilium.hubble.ui.preserveLogLinks" . | nindent 8 }}
 {{- if .Values.hubble.ui.initContainers }}
 {{- include "common.tplvalues.render" (dict "value" .Values.hubble.ui.initContainers "context" $) | nindent 8 }}
 {{- end }}
diff --git a/bitnami/cilium/values.yaml b/bitnami/cilium/values.yaml
index 72be81b5c1..da5131d2da 100644
--- a/bitnami/cilium/values.yaml
+++ b/bitnami/cilium/values.yaml
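Review bot: The new `cilium.hubble.ui.waitForHubbleRelay` include is unconditional, and with `hubble.tls.enabled` set that init container mounts a volume named `client-cert` which this hunk does not add. The pod's `volumes:` list lies outside the hunk, so confirm it defines `client-cert` in the TLS case; otherwise the pod spec is rejected for referencing an unknown volume. Because there is no values toggle around the include, an install where the relay is disabled or unreachable leaves the UI pod cycling in Init, so I would wrap the include in a guard on the chart's relay-enabled value. It is also worth a one-line template comment that this init container gets read access to the client TLS key, so the mount is a deliberate choice rather than an accident of reuse.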
@@ -3147,6 +3147,56 @@ hubble:
 ## command: ['sh', '-c', 'echo "hello world"']
 ##
 initContainers: []
+ ## Default init Containers
+ ##
+ defaultInitContainers:
+ ## Hubble UI "wait-for-hubble-relay" init container
+ ## Used to waits for kube-proxy to be ready
+ ##
+ waitForHubbleRelay:
+ ## Configure "wait-for-hubble-relay" init-container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.enabled Enabled Hubble UI init-containers' Security Context
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Hubble UI init-containers
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsUser Set runAsUser in Hubble UI init-containers' Security Context
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsGroup Set runAsUser in Hubble UI init-containers' Security Context
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Hubble UI init-containers' Security Context
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Hubble UI init-containers' Security Context
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.privileged Set privileged in Hubble UI init-containers' Security Context
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Hubble UI init-containers' Security Context
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Hubble UI init-containers
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.containerSecurityContext.seccompProfile.type Set seccomp profile in Hubble UI init-containers
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: {}
+ runAsUser: 1001
+ runAsGroup: 1001
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## Hubble UI "wait-for-hubble-relay" init container resource requests and limits
+ ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.resourcesPreset Set Hubble UI "wait-for-hubble-relay" init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hubble.ui.resources is set (hubble.ui.defaultInitContainers.waitForHubbleRelay.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "nano"
+ ## @param hubble.ui.defaultInitContainers.waitForHubbleRelay.resources Set Hubble UI "wait-for-hubble-relay" init container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
 ## Pod Disruption Budget configuration
 ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
 ## @param hubble.ui.pdb.create Enable/disable a Pod Disruption Budget creation
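Review bot: Three of the added comments describe something other than this init container, which matters because operators read them when deciding how far to tighten or relax the security context. The block comment `## Used to waits for kube-proxy to be ready` should read `## Used to wait for Hubble Relay to be ready`. The `runAsGroup` `@param` line says "Set runAsUser" and should read `Set runAsGroup in Hubble UI init-containers' Security Context`. The `resourcesPreset` text says the preset is ignored if `hubble.ui.resources` is set, while the template checks `hubble.ui.defaultInitContainers.waitForHubbleRelay.resources`. The same wording appears in the README table rows added for these parameters, so both places need the fix.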